I have difficulty explaining this to our customer when they ask me: "Can you explain to us the workflow of McAfee ENS (TP and ATP) in our company, from detecting malware to the action taken (delete, block, all actions), all in a condensed, simple 'big picture' report?"
Threat Prevention & ATP provides layered security against threats.
Here's a general overview.
Threat Prevention usually relies on Definitions (AmCore/DAT) & uses GTI lookup to identify malware.
Whereas when Threat Prevention comes across a process with Unknown/low reputation, it's forwarded to ATP for monitoring. ATP has its own set of rules to verify if the behavior of the process is malicious.
You can read more about each module in depth in the links below.